Ontario Court Wrong About IP Addresses, Too
Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts:
"An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?"
Read on for Bennett's analysis.
Last October I wrote about the Virginia Supreme Court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.
In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be inadmissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."
Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".
Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.
Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".
Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.
On the other hand, try following the judge's ruling through to the end — if information about the user's real identity behind their IP address is not considered private, then what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.
This line of argument raises two larger issues. First, this will have already provoked the ire of people with legal training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judge's conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.
Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.
Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present an opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)
So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."
Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.
Justice is blind, and even more so when technological cases are heard in an Anglo-Saxon setting, where customary law (precedents) is king.
"I think judges should get expert opinion outside the courtroom."
There, that wasn't so hard, was it?
May I suggest the following link
The police using an IP Number to locate my address is no different than if they did a Reverse Phone Number lookup. If the latter does not violate my rights, then the former does not violate my rights either.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I did a quick search on "phone" and found no references to Canadian case law dealing with warrants and phone numbers--the obvious precedent for warrants and IP addresses. Why is this even posted if the most basic of research hasn't been done?
Sorry, Bennett Hasleton, but I might listen a little closer if you got a better nickname. "Bennett Hasleton" just sounds like the name for the male lead in a romance novel. Bennett Hasleton smirked roguishly as he pushed his mirrored aviators over his bronzed, jutting face. Aubrey St. Croix quivered as she caught his reflection in the Florentine bakery window.
Bennett Hasleton looks down his nose at you lowly plebes. Bennett Hasleton lives in a world filled with glamour and mysterious women. Bennett Hasleton drives a car that's more expensive than your house. And if I ever meet Bennett Hasleton, I will KICK HIS ASS!
PS His real name is Hassell "the United Colors of" Bennetton!
(-1, Raw and Uncut is the only way to read)
A better analogy is: If police find a repair receipt with an order number, can the police go to the shop and ask for the name of the customer?
A receipt number is neither public nor private, it is merely obscure. Can a business owner not voluntarily give information to the police? If the business has a privacy contract with the customer, a violation is a contract law issue between the customer and the business, and not a constitutional issue.
If the business won't voluntarily provide the information, the police can use a search warrant to search the business. But that is a situation between the business and the police, not the customer. And if the business voluntarily gives the information the police haven't conducted a search.
More obviously, the "phone book" analogy also falls apart, to some extent, because traditional phone books are indexed by last name and NOT by address or phone number. Prior to the advent of searchable electronic versions, the public would not have been able to find your name from your address through a phone book without going through record by record. Granted, this argument is moot because such electronic databases DO exist, but it strikes me as showing how much care went into the Crown's argument.
What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?
You want summaries of summaries? OK, we're all screwed. Feel informed now?
It strikes me that "reasonable expectation" would mean, "reasonable by those in the community in question".
Was this judge a regular Internet user? If not, is his opinion about what's a "reasonable expectation" relevant, or should he poll, for example, 1000 high-school and college kids regarding whether or not they expect their IP#'s to be tied back to them as people?
I'm not sure whether to be thrilled that you posted John Galt's Speech, upset that it's just a short summary that leaves out a lot of his best points, or confused since I'm really not sure how it applies to the Anonymity of IP Addresses at _all_.
Ayn Rand hates large government, sure, but the government does many things much more contrary to her cause (Economics, redistribution of wealth, other social programs) than, say, ruling that IP Addresses aren't private.
When I look up my phone # in a reverse directory, I get a result like the following:
Type: Cell Phone
Provider: Someprovider
Location: Somecity, SomeProvince
There are plenty of reasons *NOT* to have your personal information linked to your phone #. The same should apply to your IP.
Let's take a different analogy. A credit card number.
Like an IP address, that number is handed out by a company and is linked to my name at a particular point in time. I am responsible for it during that period of time.
Both credit card number and name are kept in a database, just like the MAC address of my modem and subscriber information. How does this make it public information that can be published?
The judge's analogy fails in several ways, but one is that I can ask the phone company for an unlisted phone number.
Obviously, there's no way to ask for an "unlisted" IP address.
This space left intentionally blank.
Your phone number and address specify where you live. Your IP address in an apache log specifies:
Where you were at what time and what you were doing.
Big difference.
Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!
"There is no confidentiality left on the Internet if this ruling stands," said James Stribopoulos, a law professor.
I just can't believe this. I thought in the US you have to have a warrant to get an IP address info on subscribers. It is crazy dealing with traffic with savvy users, much less dealing with the people that change them, black hole them, then trace them again. I wouldn't want to have that job, it sounds exhausting.
It sounds like the government is tired of playing cat and mouse to me; with this kind of legislation put in place it will alleviate some of the pressure, I guess. Maybe they are trying to just clean up the internet, nab people. I read the first article so far.
Canadian Courts and police operate differently from the US. The individuals are generally more professional and competent, and less ambitious for higher office.
A Canadian court might well find (and even presume) police are acting reasonably, so evidence is admissible.
Exactly how is a Reverse IP lookup different from using a Criss-Cross telephone directory?
Chill!
can someone please summarize?
Court: intertubes = phonebook
Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular?
More importantly, how can an IP address be identified with me directly? If "my" IP address is used to download porn, how do they know whether I did it, or someone else at my computer did it? How do they know it wasn't some Russian Mafia's botnet that took over my computer and did it?
This guy has it right, along with the reverse lookup comment for a phone number there was no violation of criminal law or established procedures for enforcement with what was done. Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.
Data that was traveling over the wire to and from the IP address was not obtained and would require a warrant to view, but simple subscriber information will, 9 times out of 10, be given to law enforcement upon request. Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.
As far as I know, in the U.S. the police can *ask* for any information they want but the company is under no obligation to provide it. I'm not sure a case would get thrown out in the U.S. because there wasn't a warrant if the company voluntarily provided the information. The company might run afoul of consumer protection laws, but I'm not sure. Someone correct me if I'm wrong.
"Bread and Circuses is the cancer of democracy, the fatal disease for which there is no cure." --Robert Heinlein
Comparing IP addresses to residential addresses would be reasonable if the consequences of disclosing them were the same. But they're not.
If the police, without a warrant, could easily find out the contents of the postal mail that's delivered to any residential address, you'd better believe that people would want to keep their residential addresses private.
And, if there was no way for the police or anyone else to identify the contents of Internet traffic based on IP address, then people wouldn't care that much about keeping their IP addresses secret.
I liked John Galt's speech; I had never heard of him before coming across what was posted.
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present an opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information.
Expert evidence is often used in many different trials, for many different issues. However, the law in Canada requires that judges do not abdicate their decision-making authority to the experts. The proper role of the expert is to provide information to the judge that is outside of the judge's own area of expertise. On any given trial, there will usually be two experts (one for each side) who have completely contradictory opinions. It is the judge's job to weigh each expert's opinion against the rest of the evidence as a whole.
Thanks for bringing attention to this Ontario case. It raises a lot of interesting issues. I hope it is limited to criminal matters, and is not extended to civil ones. There was another Canadian case a few years ago where some RIAA-type outfit was demanding subscriber information from an ISP, and the judge held there that the subscriber information should not be disclosed.
The OP reasons that a 'reasonable expectation' of privacy can be broken down into two independent components: Is there an 'expectation'? And is that expectation 'reasonable'?
The reason this is not valid is that the broken-down version has a subtly subjective aspect that the combined expression lacks. Does the user have an expectation of privacy in context X? "Just ask them: Do you?" The question has become an entirely subjective one posed to the defendant, and it amounts to, 'Did you expect that your access to illegal content would remain undiscovered?' Well, duh, of course he did. The point of the law is not whether the defendant had an expectation of privacy, but whether our society has a reasonable expectation that such things will remain private.
Having broken the question down in an invalid way, he still makes a mess of the second part of it: "It seems absurd to say that a user's expectation of privacy for their identity online [...] is 'unreasonable'." Well done, that man, a top piece of reasoning, indeed. Taken together, these two would produce the following courtroom scene:
Lawyer: "Did you have an expectation of privacy when you murdered ninety-three people in central park?"
Defendant: "Yes."
Lawyer: "Well, it seems absurd to say that your expectation of privacy was unreasonable; after all, you wouldn't have done it if you'd expected people to be watching. OK, right to privacy established!"
You can't rely on the defendant's expectations and ideas about reasonableness.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
Bennett Haselton thinks that education and legal training have no impact on how legitimate a person's opinion on legal matters is. His style of writing is very flawed in that it contains fallacies, appeals to emotion, and numerous grammatical errors. He doesn't link to the actual case file, so I can only assume that all of his commentary is based solely on the National Post article. This type of second-hand analysis is unreliable, as it relies on the interpretation of the journalist in question. He also does not recognize how the legal system views expert evidence - that is, it treats it as "opinion evidence" as opposed to "real evidence", the differences between which I will not delve into here.
I'm not going to go further, as I think it would be unnecessary and a complete waste of time. This is basically a very long rant on a subject in which he is nowhere near qualified to provide an in-depth analysis. I am not a lawyer, but I am a Criminology student at the University of Toronto, studying under one of the more prominent defence lawyers in the country (one of Maher Arar's lawyers) on legal procedure. Of course, if you're Bennett Haselton though, that doesn't mean anything.
If there's a more hidebound, out-of-touch, bunch of rich old white men on the continent than a meeting of Ontario judges, I'd be surprised. Even the few who happen to have vaginas fit the profile.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Security is always a trade off. Want to protect your children, your precious children, from the evil perverts of the world? All you have to do is throw away anonymity. Throw away your capacity for reprisal free speech.
Say I'm a corrupt government official and I decide I don't like dissidents. I'll just order the ISPs to reveal any political opposition via IP tracing. No warrant. I'll just send a letter. I'll find my enemies. I'll find this anonymous coward.
Safety isn't so precious that you sell off far more important things. If my father or mother sold out my right to do, well, something just like this...I'm not sure if I'd return their fearful love.
Perhaps the case of child porn is a strong enough one to warrant (heh) an exception to the rule, but the rule should be privacy first. Free speech first.
they are called "anonymous proxy" services.
http://en.wikipedia.org/wiki/Anonymous_proxy#Anonymizing_proxy_server
every day http://en.wikipedia.org/wiki/Special:Random
The court is right. Not only that but it should be a worldwide law that all computers, televisions, phones (landline and cellular), automobiles, and toilets should have a built-in video camera that transmits video to the government at all times. The government will hire thousands of people to each watch about 100 screens at a time, with the source of the video on each screen changing every minute or so, so that everybody knows they are being watched but nobody knows exactly when. If a government agent sees something they don't like, they have the swat team barge in, arrest you, and have you "disappear" into a prison or gulag system without the possibility of getting out, of getting a trial, or of ever being heard from again, even if the alleged offense is not illegal at all. This will have many advantages. First it will help stimulate the economy because the government will have to hire all those people to watch the screens, the government will have to buy the screens and set up the facilities to install them in, the people will have to buy all those camera-enabled devices to comply with the law, prisons and gulags will have to be built very rapidly, and a lot of additional jobs will be created when thousands of people have to be hired to administer the system. Even more jobs will be created when the government hires thousands of auditors who have the right to barge into anyone's home or office and check to make sure that all the requisite devices comply with the new law. All of this economic stimulation guarantees multiple economic orgasms.
Recently, there have been a bunch of bills being pushed through to allow the police sweeping powers. I've also noticed a lot more in the paper about the police busting illegal pornography peddlers.
Seems that this is a pretty common pattern. If you're trying to push privacy-invading laws into effect, focus on a group that's rather universally disliked, generate a lot of publicity, and then say it's all part of the fight against (group X).
But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book -- users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.
i don't know about you, but i have no expectation of privacy for my identity online, and frankly, i don't know why anyone, especially the technically astute on slashdot, would have such an expectation. if i wanted to hide my identity, i would use Tor... just like the commentary says. if i don't use Tor, i have no expectation that what i am doing online is private. why do you?
and i'm not talking about policies and procedures of the government, i'm talking about any random yahoo of questionable motivation and privy to ip logs. this can be the government, it can also be a miscreant like a hacker who breaks into a webserver, it can be a webmaster of questionable ethics, it can also be a website i do business with interested in selling my private information. i know for a fact that if i make a purchase online, that my ip address is being explicitly logged for fraud purposes. i don't believe, in any way, that i have any privacy on the internet
in fact, one of the worst offenders here is google. think about what you've typed into google in the past 3 months. random musings, personal concerns, professional interests... as a running list, it's a pretty good profile of some of the deepest secrets of your identity. anyone reading that list can even triangulate psychological truths about yourself perhaps in ways better than even you yourself understand yourself. and google is explicitly keeping this information. and maybe you use gmail, which represents even a larger treasure trove of such insights. put it all together: you have no privacy on the internet
the internet, in fact, pretty much represents the great assault on the very notion of privacy ever to exist in human history. honestly, if you want privacy, stop using the internet, or surf in complete incognito (which can be a pain in the ass at times)
i think the commentator is fighting a war which has long been lost, regardless of how the government operates. what the government thinks and how it operates CAN and SHOULD be attacked, by all means. but the idea of a "reasonable expectation of privacy" about anything you do on the internet is absurd. i know what i search for and what i visit is recorded and can be stitched back together, by all sorts of entities, not just the government
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
As a previous Slashdot article claimed, us technology people are not lawyers. What would we know about this stuff? Of course you can identify one person via one IP address in a one-to-one mapping. Everyone knows that. I got modded down for suggesting this kind of idiocy, because this is internet and networking 101. If you can't present the facts of what an IP address actually is then you have a real problem.
Child pornography is serious (OK, it's used as a politically correct example sometimes) and I'm not suggesting for a second people should get off on technicalities, but if courts are going to gather evidence and convict then they need to get some clue about the facts and understand what it is that they're talking about. Unless they do I can see massive claims for damages at some point in the future. This happens all over the world as well.
If the judge's analogy applies to listed but not unlisted numbers, then there's a simple solution:
Send a notarized letter to my ISP telling them that I wish my IP address to be kept private, and that I expect the same level of confidentiality as I would with an unlisted number.
This way, if they get my identity from my IP address without a warrant, the letter of intent will be on file, and I will thus be unaffected by this ruling.
This space left intentionally blank.
Sure: An IP address is a ten digit number that contains your entire internet surfing history. That IP address was used at one point to access child porn. Therefore we don't need a warrant to get your name and address from whatever ISP is serving up that address.
When our name is on the back of your car, we're behind you all the way!
I like privacy as much as the next guy, but I assume this doesn't work both ways. If you are suspected of downloading child porn (as in this case, which is illegal despite what all the thought crimers out there think) the cops have a reason to locate you (same as if you were soliciting over the phone). As long as the cops aren't allowed to obtain the identity first and then look at your browsing habits after, there isn't really an issue. I have an expectation of privacy as long as I'm operating within the bounds of the law, but if I chose to violate the law, I have to expect that there can be repercussions. As long as in all cases where the IP is obtained, the cop can detail what steps led to the searching for the IP, we're okay. The problem would be if a cop has a beef with someone or a political opponent that they obtain information on and then scour all the details after the fact, looking for the escort service or an anonymous post about drug use or what not.
Everybody seems to think I'm lazy I don't mind, I think they're crazy
While I don't do it so often these days, I used to fairly regularly fix other people's computers at home. Part of the process generally involved testing the internet connection, and often monitoring for spews of unusual traffic (all my connections are routed through a 'nix box).
While I haven't seen anything outright illegal on a client machine (or not that they put there, if you're counting spyware crap), there have been some pretty weird things on there, not to mention the rather borderline popups that seem to infest the PCs of those who downloaded trojans from warez/pr0n sites.
I wonder how much material it would take to tip you over the line into becoming a suspect. I'd imagine that a few rogue popups aren't going to do in the average user if there's a fair bit of work involved in tracing down their identity, but if the police have a click-of-the-button system to tag people there may be more incentive to do so, and possibly a lot more collateral damage in the process.
This is the worst definition of the term "trader" that I've ever seen. A trader buys stuff and resells it. If you are selling what you produce you are a producer. The contribution of a trader is that he identifies where things can be made cheaply and bring them to markets where they'd otherwise be expensive.
I realize you just copied that text, but still...
..like 127.0.0.1
Your 'real name'?!?! Who the fuck EVER puts their real names on any Microsoft product registration (excluding your basic, non-slashdot reading, use-the-computer-to-download-the-internets user). I think that the MAJORITY of machines that I've seen have some variant of "FUCK BILL GATES/FUCK M$" for registration names. His naivety is worth a chuckle. Enjoy!
tl;dr
Why do you, at the end of your comment, ask a question that was fully answered in-depth by the article? There's irony in the fact that you use a rather strained analogy also, just the point the author is trying to get across as being necessary...
So the argument is that it's reasonable to expect that my IP can be mapped to my person? Well, after this ruling it's definitely reasonable to assume this.
So this is something like a self-fulfilling prophecy, right?
First, I want to start by stating that I agree with the basic premise of the original Op-Ed piece that these comments are attached to - namely that there is no good reason why police/prosecutors shouldn't get a warrant or subpoena for this information - users should have a reasonable expectation of privacy when using the Internet.
That said, with regards to your questions about an IP address not proving that any particular person is responsible for traffic, while you are correct, it is still necessary for the police to be able to associate an IP address with a name and address, for investigation purposes - it's all about following the clues backwards to the source. Every IP address (well, most, if not all) is associated with some person or organization/company. By getting that information, it allows the police to keep tracking backwards, possibly getting closer to the source.
So, for example, if you are the account holder, and the police have evidence of some online crime which points to your IP address, while they cannot prove that you did the crime, it is reasonable for the police to get a warrant so that they can locate and question you (so, for example, they might be able to find out from you who else you have let use your computer or network, whether you have a wireless or wired network, if it is wireless - whether or not your network is protected with an encryption/authentication scheme), and so that they can do a forensic analysis of your computer equipment. Let's go with your idea that the Russian Mafia made your computer part of a botnet - in that case, the police analysts might be able to detect the presence of the botnet software on your computer, and verify that this is the case. Having made that analysis, perhaps the police work with you and your ISP to trace the control traffic for the botnet back further along the chain away from your computer. Or, maybe it is someone on your network - like say for example you are the Network Admin for a company, and one of the computers at your company is being used to distribute kiddie porn - the police can then try to investigate to find out whether the files were placed on the server by one of your employees, or if instead the computer was compromised by an external hacker or botnet.
My point is, that while the IP address alone isn't really proof of guilt that any particular person committed a crime, it *is* a very important clue, and from that, it is both reasonable and important for the police to be able to obtain, *with a warrant*, name, address, and telephone number for the person who is responsible for that account. Without that information, they would be virtually unable to investigate crimes back to the source (it is, of course, very difficult even with that info, but that info does give them a lead to follow).
Now, yes, some police investigators, and prosecutors, will probably try to incorrectly establish a prosecution based upon the idea that the crime evidence points to this IP address, so the account holder must be responsible. In those cases, the defense attorney should point out to the jury and/or judges the flaw in their reasoning, and get the case dismissed or a not guilty verdict. But, just because this could be mis-used, doesn't mean that police should not have access in the first place to this important evidence.
It's like fingerprints or DNA evidence - alone, they often don't prove guilt. For example, if someone steals your gun, knife, or whatever, and commits a crime with it, your fingerprints or DNA might be on the weapon, but that doesn't prove you are guilty. A good investigator/prosecutor will take that into account, and a good defense attorney will point that out in court, if necessary, but that doesn't mean that fingerprint and DNA evidence aren't useful, and aren't legitimate for the police to use. In this example, once the police have identified you as the weapon owner, they can contact you, and find out that the weapon was stolen, approximately when it was stolen, any information you might have about who stole the weapon, etc.
Wow. Just wow. I live there. I find this ruling unbelievable. Very wrong. All under the auspices of the "save the children" chant.
IANAL, however I do work for the Ontario Government and I do deal with FIPPA (Freedom of Information and Protection of Privacy Act) daily, which is a law that governs this sort of thing. I am pretty sure I would be hung up by my balls and fired if I did what that judge just did. I guess some laws are just laws of convenience.
If the same thing happened where the investigator got a warrant, court order, etc to get the info from the ISP, I would have no problem with it. The fact that he now made it open season to anyone with "lawful authority" (whatever the hell that means) to contact the ISP and look at your internet history, for whatever reason they well feel like, probable cause or not. What sites you visit, what files you download, etc... just brutal.
Big brother was always watching, but at least he had to have a good reason to do so before.
Scary Stuff.
I can't wait until someone is convicted because they didn't secure their WAP.
BTW the IP number by itself would not be protected, only in association with a private individual's name and other personal details.
Also just for fun, because I have "no expectation of privacy" I might as well "Post Anonymously" for the irony. :)
An IP address is not like a street address (which is fairly permanent). It's more like a hotel room number (transitory). The identity of the occupants of room 128 are not public knowledge like in a phone book, but must be obtained through a 3rd party (the hotel's front desk).
Do police need a warrant to look at the front desk's guest log?
The hotel room analogy also explains why IP addresses are insufficient evidence of criminal activity. If they know that criminal activity took place in room 128 last week, and arrest whomever is staying in that room this week, they don't necessarily have the person responsible. Could it in fact be the criminal? Sure, it's possible. But hotel rooms change occupants on a regular basis.
Don't put advice in your sig.
... and if you want to use one at some point in the future, use it regularly for no reason starting now so there's no obvious pattern to rely on.
- Michael T. Babcock (Yes, I blog)
Privacy arguments aside, people typically don't change their names constantly, nor necessarily their physical addresses and phone numbers. But if I change my MAC and my IP address on a regular basis then how are either of these "biographical data" if they no longer apply to my computer? Considering that there are plenty of folks who take the same security precautions, an IP address (and/or a MAC) taken from any given time and date may be as relevant biographically as a phone book listing taken 10 years and 5 moves ago.
The simple fact is that for law enforcement to expect that an IP address should count as accurate "biographical" information for them to act upon is the same as expecting that old phone book listing to be current and accurate. Big mistake, both for whomever's door they bust in who happens to have gotten the old IP address assigned to their computer via DHCP, and for law enforcement when they get eventually sued or otherwise disciplined for the bad accusation/arrest made on bad information.
Giving someone your address does not imply to them that they are welcome into your house and can take a full inventory of what you own, and put a camera in every room.
However, your ISP giving someone your IP address implies your entire "inventory" of internet searching is now available for viewing.
Ontario is in a country called Canada.
Virginia is in a country called The United States of America.
Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.
Seven puppies were harmed during the making of this post.
ISPs deliberately go out of their way to stop you from establishing a link between your IP address and any sort of identity.
By sheer luck, some people manage to get semi-static IPs, if you want it guaranteed you pay hand-over-fist. The rest of us? Bounced from one DHCP lease to the next in case we actually run some services on our machines.
You can count me in for a "reverse IP phone book" if they'll let me have ronald-dumsfeld.myisp.com
Where's the Kaboom?
There's supposed to be an Earth-shattering Kaboom.
I look at it as your IP address is similar to your License Plate. The Police can look up who you are with those few numbers. Whether they get it from a witness or a security camera. Any of the other arguments can be made with that analogy. Other ppl use your computer at home? Someone borrowed your car. A botnet took it over? car was stolen. You are going out into the world even if you never leave your mom's basement.
The individuals are generally more professional ...
Speaking as a Canadian, I disagree with that claim. I think that Canadian cops have the same proportion of C+ High School grads, kids that never grew up and never stopped playing cops and robbers, gun nuts, and control freaks, as the USA or anywhere else.
Cops everywhere have "To Serve and Protect" on their cars, but everywhere (including here in Canada) their actions identify their actual mission: "To Preserve Their Job, and To Close Cases as Easily as Possible", even if that means taking shortcuts over the Charter of Rights and Freedoms, even if that means building a case against an innocent man (Guy Paul Morin is just the most recent example) by deliberately burying exculpatory evidence.
But I don't think cops are the worst people in law enforcement; I give that honour to prison and jail guards. But that is another story for another day.
Then I guess as a private citizen I should have a resource I can look up IPs as well?
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
Let's be perfectly frank here: the reason the court gave a free pass to the police is because this was a "child pornography" case. All logic flies out the window as soon as you mention CP, particularly so in Ontario for some reason. I don't know if it's the rampant conservative values that are to blame, but 'round here people have no spine unless children are "in danger". They will beat and harass released pedophiles (who have served their sentence), go on month-long searches for missing children (but not adults), but arrest anyone else for any other false reason and they will just look the other way while your life gets destroyed by the nanny police.
Worst case, if you get caught for some other "cybercrime" not involving CP, they have no shortage of people willing to plant or fabricate evidence to support their prosecution. We had one such cop nailed just a few years ago, I guess he pissed off one of his buddies and they turned him in. He was found out to be the leader of a child prostitution ring up here in Ontario. I really wish I could dig up the link...
-Billco, Fnarg.com
Child pornography is serious
It is serious, and that's why it should be approached in an organized and serious manner. An IP address is not an overly strong link to a person, and using it on that basis, possibly seizing a person's assets and putting them through a media circus, is a serious thing. Whether or not they're found guilty - because of the seriousness of the accusation - there will be long-lasting reputation damage to that individual.
If you have a friend accused of being a CP trader - even if he was later found not guilty - would you allow him to mind your kids?
Um. Does this mean that I can just phone up to an ISP and ask for the IP address and its association to someone's name? Since from now on our IP address is a public listing, I have a reasonable expectation that I should be able to do that, don't I?
And this is why Canadians have less rights and freedoms than Americans do. They don't have any true protections under the law. The Charter of Rights and Freedoms is a very fragile document. There's an especially huge hole in the Notwithstanding Clause. The federal government or any province can override sections of the Charter as they see fit. Sure there's a time limit of five years on it, however there's no limit as to how many times they can renew it. The Charter is flawed and doesn't even come close to the rights and freedoms guaranteed in the US.
They'll never find me! My IP address is 12 digits!
the issue is not legal. it is technical and philosophical
in your house, you have privacy. there are walls, and doors, and any access to that area is controlled by you. you can expect privacy there and intrusions on that privacy are real and outrageous. expectation of privacy in your home is philosophically real and valid, since it is a space you control and usurping that natural control is obviously morally wrong. it is from this obvious and natural arrangement being imposed upon by government authorities do we find the moral and legal means for disallowing the government their attempts to usurp your privacy
ok, now what is the internet?
on the internet, you are sending out packets of information on a wide open network. with the express purpose of COMMUNICATING with other people. do i need to say anymore? with those two observations right there, don't you begin to feel some cognitive dissonance when you expect "privacy" from that arrangement?
would you expect privacy if you went into a train station and started shouting out your thoughts as hundreds walked past? that's pretty much the internet. where does the notion of privacy even fit in? not legally, but philosophically, where is the notion of privacy in this arrangement? there is none. privacy is simply philosophically and technically impossible, simply due to the nature of what you are talking about
the internet is pretty much the inverse of privacy. the very idea of privacy on the internet, a wide open COMMUNICATION network, is like asking for dry water, or dark sunlight: an absurdity. not a legal absurdity, it is deeper than that, it is a technical and philosophical absurdity. such that talking about the government invading your privacy on the internet is beyond the point: there's no privacy that existed in the first place to invade
to expect privacy on the internet is to not even understand what the internet is
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Umm. Yeah. Why not?
Can someone please explain this "expectation of privacy" business to me?
I don't "expect" that my snail mail correspondence is private. I "expect" it could be intercepted and read by a third party, with or even without my knowledge. I don't think the Ontario Court would be justified in ruling that based on this fact the police can read my mail and use it as evidence in court without a warrant. (Maybe it already is, IANAL)
How is internet communication any different? Is it because it is a little bit easier to spy online? If so, where is the line drawn? Is this Ontario Court Judge deserving of the ability to draw that line?
If internet communications become more private due to some technology in the future, and people become justified in expecting more privacy, will they reverse this ruling? (I'd guess: not bloody likely)
The term "producer" does not specify what you do with what you produce. The point of this statement is that he will give you something, but get something in return. In this context, claiming to be a producer does not convey the same meaning.
If it's public information and there's no expectation of privacy, then what's the Prime Minister's IP address or the judge's IP address? Presumably people in government would have a problem with handing that information out, despite the fact that the public does know the address of the Prime Minister's physical residence.
In other words, it's subjective and subject to change. 15 years ago, if you asked a random user if they expected IP-address privacy, it was very likely they'd say, "of course not." You just ask a .edu sysadmin "ISP who is x.x.x.x? he's causing us trouble" and they might tell you. A subpoena?! No way.
But that was a long time ago (I guess). What surprises me is that cultural drift and an influx of naivety, can actually change the law, without a judge or legislator ever going near it. Ask them, huh? Relying on an IP address to be anonymous, just as relying on unencrypted communications to be private, is just plain stupid. But society is constantly voting, and if enough people are stupid, then society says it's protected. I don't exactly know when the stupid people won the "IP addresses are private" vote -- I didn't actually notice it happening -- but if you say it happened, then ok.
Pray those people don't ever think and realize how ridiculous their assumptions are. If they do, then the law will silently and implicitly change again, right under your nose. You'll be relying on the law, rather than encryption, to protect you, but once 51% of the people wise up, you'll be left behind and vulnerable, not only without technical protection, but without legal protection.
That's ridiculous. Of course it's not reasonable. But I've been taken to task (right here on /.) on this before, so let's just say that "reasonable" is extremely technical lawyer jargon which has nothing to do with the actual definition of the word. Frankly, I'd prefer if we just called it "squarglish expectations of privacy," because then we could all agree that society has decided to make IP anonymity squarglish, even in cases where the supposedly-protected information is totally vulnerable.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
A couple of points seem to be missing from the discussion here.
First, is the ISP's ability to volunteer the information. If I were on the receiving end of that fax, I would have provided the information too (once I was sure it really was the police, and not just some scam). My defense to criticism would be:
-illegal activity/failing to secure your system puts you in breach of your TOS*. We owe you nothing.
-they're our records we can do whatever we want with them. You breached your TOS, remember.
-we are a good Canadian company and don't fear the police. In fact we want to help them in their efforts to get the bad people off the streets.
Another point is that having an IP address does not mean charges will be laid. It is merely one step in the investigation.
*These are both terms in my ISP's TOS. I should also point out that my ISP has refused to give IPs to copyright lawyers waving civil lawsuits around. I think it's fair to say that criminal code would be handled differently.
Yes, Canada is different from the U.S., but I'd like to correct a few of your statements. We do have an equivalent to the Miranda warning with respect to the "right to remain silent" - it's part of our Charter of Rights and Freedoms:
http://en.wikipedia.org/wiki/Miranda_warning#Canada
As for the "fruit of the poisoned vine" doctrine, one of the remedies of a Charter violation is exclusion of the improperly obtained evidence in certain cases (i.e. a confession given before being advised of the right to remain silent).
Although the "expectation of privacy" is not enshrined in our Constitution or Charter, there is a corresponding doctrine which has been discussed and recognized at common law.
To summarize, there are parallel concepts in Canada to each of those that you pointed out, though their application in Canada will differ of course.
And yes, IAAL (though not a criminal one).
you want to shout things in the train station, and no one will notice what you are saying is extremely private and powerful, and perhaps can be used against you or to profit. you expect completely random anonymous people to also be 100% virtuous in their interaction with you. surely, most will be. but not everyone. someone will notice what you are shouting can be used for some sort of profit on their part, and then go ahead and profit from you at your expense. or perhaps you are talking about the complete miscreant, whose only profit is making you miserable. after all, like you said, it is anonymous, how do they suffer for making you suffer, especially when you don't even know who is snooping on you?
say i am a cheating spouse, and i arrange to meet at a bar with my mistress. it is possible my wife or a friend of hers can go in that bar, and notice me with my mistress. do i have a valid expectation that this can't happen? unlikely, but can i expect "privacy" in that bar?
or perhaps some sort of indignant anonymous vigilante overhears my conversation with my mistress from the next table, and infers what is going on, and gets involved out of simple spite. how am i protected from that? how do i have a reasonable expectation of privacy in a PUBLIC venue?
in my own house or apartment: YES, i expect privacy, and it is valid for me to do so
you refer to a concept: "my definition of privacy was having nobody in the station able to identify me". what do you mean by "identify" you. know your biography? identifying ENOUGH about you to make a negative impact on your life is the issue here. and a person needs to know very little about you to represent a threat to you. especially when you are busy shouting private things in a middle of a train station. which is why no one shouts in the middle of a train station unless they are schizophrenic
the whole point is: when you are in a public space, you cannot expect any privacy. beginning and ending of entire discussion on the issue
and the internet is a public space. it is as simple as that
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
There is nothing incriminating or even directly informative about an IP address, any more than there is about a street address. But knowing that IP has porn or that street number has drugs is the content.
However, there remains a _huge_ fundamental difference: the US was founded on mistrust of ALL government while the Crown is still presumed to have a right to govern.
In decimal, it's 8 to 10 digits. As an IP, it's anywhere from 4 to 12 digits.
1.0.0.0 is 16777216 in decimal (assuming the first octet must start with at least 1, not 0, for those who will argue it)
255.255.255.255 is 4294967295 in decimal
They're all 32 bit numbers.
1.0.0.0 is 00000001000000000000000000000000
255.255.255.255 is 11111111111111111111111111111111
So, your IP is anywhere from 4 to 32 numbers. It's all in how it's represented. :)
Serious? Seriousness is well above my pay grade.
ya say goodbye to the liberals in ontario and federally all they are showing is how PC like they are.
remember this next election
CYA dalton mcDummy
Seems like a better analogy to me. Police can get cameras and read license plate numbers off of them without warrants.
The license plate number also says where you've been and nobody has any expectation of privacy for it.
This is the information super highway, after all!
However, there remains a _huge_ fundamental difference: the US was founded on mistrust of ALL government while the Crown is still presumed to have a right to govern.
True - in theory. And yet, we have the institution of Governor General, which in practical terms can provide much more accountability and balance to government. While the prime minister has more centralized authority than, say, the US president, this unelected and generally non-partisan GG who is the representative of the Crown can dissolve the government if it oversteps its bounds. As we have recently seen, it is more than a ceremonial position, it is a kind of sword hanging over the head of the government.
The military is loyal to the Governor General before the Prime Minister; and yet the GG couldn't actually become a tyrant.
In typical mid-atlantic fashion, Canada's government is founded on trust in government but mistrust in officials' ability to be good governors. It's a fine distinction, that mirrors the balance between collective and individual rights that we have in Canada.
So, in actual daily practice, Canadians are better served by this institution than Americans by their right to revolt (good luck with that, eh!).
Damn those pesky terrorists
Who is this John Galt character, and where is his Ritalin? Seriously, he needs it. Because he apparently has a very bad case of ADD and can't form a coherent thought without it.
The path to enlightenment is truly through homemade drugs!
Draw a car analogy, and everyone will understand.
What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?
It was commentary on the decision, NOT a summary of the decision. I read it, so I know this. You? I'm left wondering.
Don't you wish your girlfriend was a geek like me?
He's making it clear that he sees no obligation for anyone to consume what he produces. That he produces something is his own business, and no one owes him anything because he chose to produce something. What he produces is only "valuable" because someone is willing to trade for it for mutual advantage. The trade, not the production, creates value - both for the person on the other side of the trade, and for John Galt.
Socialism: a lie told by totalitarians and believed by fools.
Gov: IP = YP
Anonymity is a valid part of privacy in communications. In fact, the right to communicate anonymously is particularly protected by U.S. law.
Your analogy of a train station is specious. It is more like a cell phone conversation. A cell phone can tell where the call is coming from, but not who is on the other end. And other people who are not standing next to you CANNOT hear the conversation... until the receiver decides to post it publicly.
The Internet is not a "public space", any more than the vast network of telephone lines are a public space, and it is hardly "as simple as that". Communication is point-to-point, and the users have the ability to choose how "public" they want their information to be. I fail to see how you perceive it to be a public space, when the communication is specifically routed from one party to another... just as it is with a telephone conversation, whether land-line or cellular. I fail to see how you arrived at your conclusion. By your reasoning, since the communications routing is so similar in nature, telephone conversations must also be public material. That is simply false.
If you telephoned into a system that played your voice loudly over the PA system at a train station, then so be it... that is a choice you are making. But you also have the choice to call people privately, for a one-on-one conversation, or even to call anonymously (if you wanted to irritate someone).
The Internet is in no way a "public venue". I have no idea how you conceived that notion but you are very much mistaken. And because of that, the rest of your argument falls flat.
Why do you, at the end of your comment, ask a question that was fully answered in-depth by the article?
Actually, far from answering in-depth, the article never once touches on the existence or use of reverse directories, which is a major oversight in critiquing the telephone analogy.
Don't you wish your girlfriend was a geek like me?
Oh, heavens no, I'm glad there's no such thing for us.
Don't you wish your girlfriend was a geek like me?
"You don't see the difference between a health care record and an IP address?"
Of course I do. What is your point? MY point is that they are both records of your activities, of one sort or another. If one can be protected, why not the other?
Both can be said to be private information. Both are susceptible to abuse by others. So what's the problem?
This is a subtle misunderstanding of the purpose of a warrant. There are large swathes of information that police don't need search warrants to obtain. The purpose of a search warrant is to give police the power to search a particular thing by force - that is, over the objection of someone who wants the information to remain secret. Cops don't need search warrants in any other instance. They don't need a warrant for stuff that happens right in front of them, and cops don't need a warrant to ask witnesses questions.
If the witness proves uncooperative, then the police need a warrant (which only permits them to search whether the subject wants to submit or not). There are very few situations where the police need to get a warrant even though someone wants to tell them something. But that's not what happened here. The police asked the ISP to tell them which subscriber had IP 127.0.0.1, and the ISP chose to disclose the information. Perhaps the response from the ISP should have been "I'm sorry, I need to see a warrant" -- but that doesn't mean it gets excluded from the trial. Sometimes it does, sometimes it doesn't.
There is also Supreme Court precedent (which I sadly could not locate) which says that "envelope information" can be obtained from a service provider without a warrant, but the content of any message requires a warrant to obtain from the provider. Envelope information is date, time, from whom, and to where. In this case, the IP address is more properly classified as "envelope data". The Supreme Court said that there is a reasonable expectation of privacy in the communication itself, but that one must necessarily disclose that you are making the communication to the provider, so that the provider can connect you. (I personally disagree with this analysis, but it is controlling law.)
"So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights)," Actually, in Canada we have an interesting catch 22 of sorts. Your protections from the law are guaranteed only in such a way that will not bring the administration of justice into disrepute. Just because the police messed up and didn't obtain a warrant, if it was just an honest to goodness mistake (or issue of somewhat legitimate confusion) and not a systemic deliberate abuse of powers, then the judge is likely to allow the evidence, and warn the officers not to do it again. (In Canada, we value the spirit of the law more than its technical protection, a little problematic at some times, but all in all, I like the provision. People rarely walk on technicalities here, because we trust our courts enough to make judgement calls.)
I am a trader. I earn what I get in trade for what I produce.
This is the worst definition of the term "trader" that I've ever seen.
He isn't defining "trader". He's contrasting his economics (trading) with the economics of the book's antagonists (taking).
you think the internet is like a telephone conversation
he said in a wide open thread
that anyone navigating to slashdot can read
on the internet
seriously, wtf is wrong with you?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Yes ... if only there were some kind of standard way of representing IP addresses that would have allowed us to skip the math lesson.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Canadian Courts and police operate differently from the US. The individuals are generally more professional and competent, and less ambitious for higher office.
Professional!!? Competent!!!? What Canada do you come from??
your packets traversed a number of hops. at each hop, your packet and its origin were visible to someone. who is at each hop?
once slashdot's server got your packets, it made a little notation in a database about where they got the packet from. and that information sits there in that database, for who knows how long, completely beyond your control
and you are saying this series of events is private?
private, to me, is sitting in your room with a close friend. you say something to them, the words go to their ears, and bounce off some walls, and dissipate. and the rest of the world knows nothing about what was said
and you think this is like posting on the internet?
seriously?
where does this expectation come from?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
for you, the word "anonymous" means "i wish it were anonymous"
walk on an empty beach, and talk to someone. the crash surf will drown out your voices beyond a few feet. anonymous
talking on a telephone, or posting on the internet, or dropping a letter in the mail, is an act of putting your communication into a system beyond your control. depending upon that communication to be anonymous is an impossibility. the law can say whatever the hell it wants. it can write in 24 red point font that anyone, including the government, snooping on your communications in network will be skinned alive. doesn't change the fact that your communication is, essentially, not anonymous. feel me now?
look, if you have something to say that is so important as to be anonymous, go to that person, close the damn door, and say it to them
but if you type it, phone it, mail it: it's non anonymous
it's a really simple concept
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
To the average citizen 'reasonable expectation' means that which the average reasonable person would expect. In the case of the Internet, based admittedly on my rather small social circle (~50 people), this appears to mean that people expect to be anonymous on the Internet as long as they're not explicitly logged in to a website. The law appears to conform to this, so the people are happy.
However, in reality this means something else entirely. It means that precedent, one of the oldest arguments from authority, is what counts. It means lawyers arguing about which precedents are good precedents and why that must according to them absolutely, undeniably be so, regardless of what is actually the case. Since both arguments will be necessarily logically inconsistent and unless one of the parties screwed up most visibly, which is subjective, it also means judges have large room to simply go with whatever they personally like best. And it also means that people with a legal background that disliked the decision will argue about how this or that precedent or argument does or does not logically apply, whilst completely missing the point.
Ummm... I don't think you understand what "justice is blind" means.
Time to go back to high-school, never mind law-school.
I've read this guy's assessment of the Virginia case and I thought he was pretty stupid then, as well, but I couldn't be bothered to respond. I don't think his conclusion is necessarily wrong, but many of the things he says are way off base. for instance, the judge is NOT drawing an analogy between an IP address and an address--that would make no sense, and, if that were the case, the rest of this blabbering summary would make no sense either. in fact, in the very first quote of the judge in question, he explicitly states that what he's talking about _IS_ the address. an IP address is not [necessarily] personally identifying information, and it is not biographical information. an address is much closer to the former and absolutely the latter. I do not see any analogy. the judge is stating simply that a person would not reasonably expect the information about their name and address to be private.
if there is an analogy, it is being able to map between IP addresses and physical addresses as one would be able to map between real names and physical addresses. but the judge is not even talking about IP addresses--he is merely saying that a physical address can be obtained via the ISP, and that no person would reasonably expect their address to be private from the state. I don't know if that's true or not. it certainly may not be true that this information should be legally obtainable without a warrant. I don't know whether that's the case under the law, but if there's nothing in your contract with your ISP stipulating otherwise, then I don't see why the ISP shouldn't be allowed to volunteer that information willingly--it's their service, their equipment, and their logs.
that said, what an IP address DOES do, instead of deliberating physical locality or personal identity, is tie certain actions to virtual identities, which can easily be reduced to a very small subset of people. that is what should be at hand: one should not reasonably expect an IP address to be private, because it is impossible to communicate over the internet without one, but should one expect a court to be able to identify an individual's whereabouts and behavior based upon this information? the analogy then would be more akin to something of the nature: imagine a shopping mall (or perhaps a club warehouse) that mandates each person partaking of its services register with full name and physical address and obtains an identity card which can be mapped to this information in one way or another, which said person must wear at all times. if the card contains a uniquely identifying number and must be placed visibly upon the person, then any police "on duty" inside of the shopping mall may be able to glimpse the virtual "address" of each individual customer. can the police take this uniquely identifying number, and, without a warrant, obtain the mall's records of where this person whose number it is has shopped, and what it has bought, or perhaps even obtain surveillance footage (maybe there's a grid of RFID-enabled cameras) of the customer moving about through the various stores?
I wouldn't think so. it may be also possible to determine credit card records and various other things with only the public-facing name of an individual, but that is not possible without a warrant, as far as I'm aware, at least without the card company deciding to volunteer this information (but I'm sure there're laws about that, not to mention contractual agreements with the companies).
and to pick some nits: not only is an IP address not geographical or biographical, but it is also assuredly not a ten digit number. it's [currently] 32 bits of information, which may be expressed in any number of ways. in dotted-quad format, of course, one could be anywhere from four to twelve numbers in length, but the numeral itself would actually be seven to fifteen "characters," and the number value would be (in decimal) from zero to 2^32-1.
Mine goes up to 11.
qz
Damn!! Is that picture really you? You look just like that guy...What's his name?
Djew mean on FB? Thasme.
"Flyin' in just a sweet place,
Never been known to fail..."
And this is me, in '83:
http://cheunderground.com/blog/?p=56
http://cheunderground.com/blog/wp-content/uploads/2008/09/jerry2.jpg
http://cheunderground.com/blog/wp-content/uploads/2008/05/img018thumb.jpg
'84:
http://cheunderground.com/blog/wp-content/uploads/2008/05/img015.jpg
And '82:
http://cheunderground.com/blog/wp-content/uploads/2008/03/answers_dave-jerry1_800.jpg
"Flyin' in just a sweet place,
Never been known to fail..."
One of the primary differences is that IP addresses are left behind as cookie crumbs everywhere you go online. In real life, you wouldn't leave your home address and telephone number on business cards lying on the street at every intersection with a date/time stamp indicating that you'd been there, would you?
While the type of information seems similar, the resulting availability of personal behaviour data that is discoverable as a result is unnerving.
- Michael T. Babcock (Yes, I blog)
It may be the case that Canadian politicians are not eager to explicitly invoke a "screw the constitution" clause, possibly because they understand it to be a potentially career terminating move.
In fact, outside of Quebec (which is very different from the rest of Canada), the clause has been used only three times since it entered the charter in 1981, and never actually invoked.
The first was in Yukon's Land Planning and Development Act (1982), which was never proclaimed into law.
The second was in Saskatchewan (1984-86), to protect back-to-work legislation that was later ruled not to violate the charter.
The third was in Alberta (2000), amending that province's Marriage Act to define marriage as exclusively heterosexual. That had no legal effect because the federal government has sole jurisdiction to decide who is eligible to marry in Canada.
I am not defending section 33, but before you dismiss the Canadian constitution out of hand because of it, I suggest you read a little about it.